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DETAILED ACTION 

1 . Claims 1-29 are pending examination. 

Specification 

2. The title of the invention is not properly descriptive. 1 A new title is required that is clearly indicative 
of the invention to which the claims are directed. The following title is suggested: PROTECTING MOBILE 
CODE AGAINST MALICIOUS HOSTS. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) submitted on 3/3/05 and 8/15/05 have been considered 
by the Examiner. 2 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and 
useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

5. Claims 1-5 and 22-29 are rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non-statutory subject matter. Claims 1-5 are directed toward "code", i.e. software perse, which is not 
recognized as any of the statutory categories of invention. Furthermore, it is additionally observed that the 
code is intended for execution in a "program execution environment", such as the Java platform in the 
preferred embodiment (page 1 , lines 25-30); the Java platform is itself preferably embodied as a virtual 
machine, which is itself software perse and therefore the claims cover embodiments that are fully 
intangible. Additionally, even if the code were tangibly embodied somehow within a host computer system, 

1 Prior to this Office Action, the title of the instant application was formally recorded as "PROTECTING MOBILE CODE 
AGAINST MALICIOUS HOSTS CROSS REFERENCE TO RELATED APPLICATIONS". Examiner merely wishes to officially 
correct this typographical error. 

2 In the IDS of 8/15/05 Applicant may have erroneously cited U.S. Patent 5,553,752 to Foster, in lieu of U.S. Patent 5,530,752 to 
Rubin as would be suggested by the PCT/US00/13128 search report. 
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the code does not itself perform any novel and non-obvious function, but rather the alleged novelty of the 
claimed invention lay in the manner by which the code is encoded (the encryption, obfuscation, and 
watermarking limitations of the claims) by some unclaimed component. 3 The claims are thus directed to 
non-functional descriptive material, which cannot be made statutory merely by reciting that it is recorded on 
some computer-readable medium since no requisite functionality is present to satisfy the practical 
application requirement. Merely claiming nonfunctional descriptive material, i.e., abstract ideas, stored on a 
computer-readable medium, in a computer, or on an electromagnetic carrier signal, does not make it 
statutory. See Diamond v. Diehr, 450 U.S. 175, 185-86, 209 USPQ at 8 (noting that the claims for an 
algorithm in Benson were unpatentable as abstract ideas because "[t]he sole practical application of the 
algorithm was in connection with the programming of a general purpose computer."). Such a result would 
exalt form over substance. In re Sarkar, 588 F.2d 1330, 1333, 200 USPQ 132, 137 (CCPA 1978) (See also 
MPEP 2106.01). Similarly, claims 22-29 are rejected as it appears from the preamble that the protected 
program may be executed either by the host computer system or the program execution environment [the 
virtual machine]; as the latter is non-statutory subject matter as discussed above, thus the claim 
encompasses non-statutory subject matter and is itself non-statutory.. 

Claim Rejections - 35 USC § 103 
6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all obviousness rejections 
set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 



3 A "Hello World" Java program thusly encoded would be equally meritorious of patent protection as any other Java program that 
may produce a new and useful result, under the current claim language. 
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7. Claims 1-29 are rejected under 35 U.S.C. 103(a) as being unpatentable over "A Practical Method for 
Watermarking Java Programs" from the IDS filed 8/15/05 (hereinafter, "Monden") in view of "Software 
DisEngineering: Program Hiding Architecture and Experiments" (hereinafter, "Valdez"). 
Regarding claim 1: 

Monden discloses code comprising: one or more obfuscated names that correspond to system 
symbolic names (page 192, "3.1 Current solutions for program theft", third paragraph); a first association 
between the obfuscated names and other forms of the corresponding symbolic names (page 194, Figures 
4 & 5); a static watermark that has been added to the code (Ibid, and "Watermark injection"); the execution 
environment including a second association of the forms with information needed to resolve the 
corresponding system symbolic names, using the first and second associations to resolve the obfuscated 
names, and using the static watermark to determine the authenticity of the code (Ibid, and page 195, 
"Decoding Procedure"). 

Monden does not explicitly disclose that any of the corresponding system symbolic names are 
encrypted. However, Valdez discloses a number of techniques for preventing reverse engineering of 
software for illegal uses (page 1 , "Introduction"; cf. Monden, page 1, "Introduction") wherein information in a 
program, including symbolic information can be encrypted to obscure it (pages 386-387, "5.2 Execution 
Credential and Descrambling"; and Tables 1-5). It would have been obvious to encrypt symbolic 
information in a Java program as part of the watermarking process disclosed by Monden, because the 
encryption technique(s) disclosed by Valdez were part of the ordinary capabilities of one of ordinary skill in 
the art, in view of the teaching of the technique(s) for improvement in related situations. 
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Regarding claims 6 and 14: 

Monden teaches an improved class loader (class loaders in general being an inherent component to 
Java) and method comprising: using the first association and a second association between the forms and 
information used to resolve the symbolic names defined in the class to resolve the symbolic names in a 
program (pages 194-195, including Figures 4-8); and adding a method to the program which determines 
whether the program has been modified by the host (page 194, "Dummy method injection"). 

Monden does not explicitly disclose that any of the corresponding system symbolic names are 
encrypted. However, Valdez discloses a number of techniques for preventing reverse engineering of 
software for illegal uses (page 1 , "Introduction"; cf. Monden, page 1, "Introduction") wherein information in a 
program, including symbolic information can be encrypted to obscure it (pages 386-387, "5.2 Execution 
Credential and Descrambling"; and Tables 1-5). It would have been obvious to encrypt symbolic 
information in a Java program as part of the watermarking process disclosed by Monden, because the 
encryption technique(s) disclosed by Valdez were part of the ordinary capabilities of one of ordinary skill in 
the art, in view of the teaching of the technique(s) for improvement in related situations. 
Regarding claim 22: 

Monden a method comprising: replacing symbolic names in the program that are defined in the 
class with obfuscated symbolic names corresponding thereto (page 194, "Watermark injection", and 
Figures 4-5); making a first association between the obfuscated symbolic names and forms of the replaces 
symbolic names (Ibid); making a second association between the forms of the symbolic names and 
information required to resolve the symbolic names (page 195, Figures 6-8); adding a method to the 
program that determines whether the program has been modified by the host (page 194, "Dummy method 
injection"); using the first and second associations to resolve the obfuscated symbolic names (page 195, 
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"Decoding Procedure") and executing the added method to determine whether the program has been 
modified by the host (Ibid). 

Monden does not explicitly disclose that any of the corresponding system symbolic names are 
encrypted. However, Valdez discloses a number of techniques for preventing reverse engineering of 
software for illegal uses (page 1 , "Introduction"; cf. Monden, page 1, "Introduction") wherein information in a 
program, including symbolic information can be encrypted to obscure it (pages 386-387, "5.2 Execution 
Credential and Descrambling"; and Tables 1-5). It would have been obvious to encrypt symbolic 
information in a Java program as part of the watermarking process disclosed by Monden, because the 
encryption technique(s) disclosed by Valdez were part of the ordinary capabilities of one of ordinary skill in 
the art, in view of the teaching of the technique(s) for improvement in related situations. 
Regarding claims 2 and 10: 

Monden further discloses wherein the static watermark's value is a digest of the code prior to the 
addition of the static watermark (Figure 6). 
Regarding claims 3 and 23: 

Valdez further discloses wherein other obfuscated names that replace names defined in source 
code from which the code was made (page 381 , "Transformations"). 
Regarding claim 4: 

Monden further discloses wherein the code is downloaded to the program execution environment for 
execution (e.g. Java applets on Internet sites, page 191). 
Regarding claims 5, 13, 21, and 29: 

Valdez further discloses wherein the program includes an encrypted form of the encryption key used 
to produce the second association (the session key, page 380), and the improved class loader obtains the 
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encryption key by using a decryption key to decrypt the encrypted form of the encryption key (decryption 
key, page 382). 
Regarding claim 7: 

Valdez further discloses wherein the method is encrypted prior to being added to the program and 
the improved class loader decrypts the method on adding the method to the program (page 388, "6.1 TCL 
Transformations", particularly 1 st paragraph). 
Regarding claim 8: 

Monden further discloses wherein the program includes information from which the method 
determines whether the program has been modified by the host (page 194, "Dummy method injection") 
Regarding claims 9, 17, and 26: 

Monden further discloses wherein the program includes a static watermark (pages 194-195, 
"Watermark injection") and the static watermark is the information from which the method determines 
whether the program has been modified by the host (Ibid) 
Regarding claims 11,19, and 27: 

Monden further discloses wherein the static watermark is at a location in the program determined by 
a key (Figures 6, 7, & 8) and the method has access to the key and uses the key to locate the static 
watermark (Ibid). 
Regarding claims 12, 20, and 28: 

Valdez further discloses wherein the improved class loader has access to an encryption key that 
was used to produce the encrypted forms in the first association (pages 386-387, "5.2 Execution Credential 
and Descrambling"); and the improved class loader uses encryption key to produce second association on 
loading the class (Ibid). 
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Regarding claims 15 and 24: 

Valdez further discloses wherein the added method is encrypted (pages 386-387, "5.2 Execution 
Credential and Descrambling"; cf. Tables 1-5); and the step of adding the method includes the step of 
decrypting the method (Ibid). 
Regarding claim 16: 

Monden further discloses wherein the program includes information which the added method uses 
to determine whether the program has been modified by the host (the watermark: see page 195, including 
"4.2 Decoding Procedure"). 
Regarding claim 18: 

Monden further discloses wherein the static watermark's value is a digest of the code prior to the 
addition of the static watermark (Figure 6) and wherein the added method reads the static watermark, 
recomputes the digest, and compares the recomputed digest with the watermark's value (page 195 
"Decoding procedure"). 
Regarding claim 25: 

Monden further discloses wherein the program includes information which the added method uses 
to determine whether the program has been modified by the host (the watermark: see page 195, including 
"4.2 Decoding Procedure") and in the step of executing the added method, the added method uses the 
information to determine whether the program has been modified by the host (Ibid). 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

• U.S. Patents 5,530,752; 7,305,704; and 7,343,619 

• U.S. Pre-grant Publications 2003/01 77374, 2003/01 77381 , and 2003/01 77391 
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9. Any inquiry concerning this communication or earlier communications from the examiner should be 
directed to Thomas Gyorfi whose telephone number is (571)272-3849. The examiner can normally be 
reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kim Vu 
can be reached on (571 ) 272-3859. The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 
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